Effective Date: 03 March 2026 | Version: 2.0
Legal Compliance Notice: This Privacy Policy is drafted in compliance with: (i) the Information Technology Act, 2000; (ii) the IT (Reasonable Security Practices and SPDI) Rules, 2011; (iii) the Digital Personal Data Protection Act, 2023 ("DPDP Act"); (iv) the IT (Intermediary Guidelines and Digital Media Ethics Code) Rules, 2021; and (v) the Consumer Protection Act, 2019.
Important Notice: This Privacy Policy is issued by Webmentics, a Registered Partnership Firm. It governs how the Firm — as a business entity — processes personal data of its Customers. No individual Partner of the Firm holds, controls, or is personally responsible for personal data collected by the Firm.
Webmentics is a Registered Partnership Firm constituted under the Indian Partnership Act, 1932, operating logistics and delivery services through its website www.webmentics.com and mobile application webmentics (collectively, the "Platform"). In this Policy, "Firm", "We", "Us", or "Our" refers exclusively to the Firm as a business entity.
| Business Name | Webmentics |
| Business Type | Registered Partnership Firm (Indian Partnership Act, 1932) |
| Registered Address | Malow-Ali, Jorhat, Assam – 785001 |
| GST Number | [GSTIN] |
| Contact Email | webmentics@gmail.com |
| Helpline | [Phone Number] |
| Grievance / Data Protection Officer | [Name] – [email] – [phone] |
This Privacy Policy applies specifically to Customers who interact with the Webmentics Platform, including:
Acceptance: By accessing or using the Platform, you acknowledge that you have read, understood, and consent to the practices described in this Privacy Policy. If you do not agree, you must immediately discontinue use of the Platform. Your continued use constitutes ongoing acceptance.
This Policy covers only the Firm's data processing activities. The Firm is NOT responsible for the data practices of third-party websites, payment gateways, logistics partners, or any external platforms linked from the Firm's Platform. Users must review the privacy policies of those third parties independently.
The Firm collects the following categories of personal data from Customers:
The Firm collects shipment content data ONLY as declared by the Customer. The Firm does not independently verify the contents of shipments and assumes no liability for inaccurate declarations. The responsibility for accurate declaration rests entirely with the Customer.
Under the IT (SPDI) Rules, 2011, the following Customer data is classified as Sensitive Personal Data and is subject to heightened protection:
We collect SPDI only with your explicit written/digital consent and solely for the purposes specified in this Policy. SPDI will not be shared with any third party except as strictly necessary for service delivery or as required by law.
The Firm follows the principle of data minimisation and collects only such data as is necessary for the specified purposes described in this Policy.
You are not obligated to provide all data requested. However, failure to provide certain mandatory data (e.g., delivery address, contact number) may prevent the Firm from providing the service. The Firm bears no liability for non-delivery or service failure resulting from incomplete data provided by the user.
We process your personal data ONLY for the following specified, lawful purposes. We will not use your data for any other purpose without seeking fresh consent:
| Purpose | Legal Basis (DPDP Act 2023 / IT Act) |
|---|---|
| Processing and fulfilling delivery bookings | Contractual necessity |
| Verifying identity (KYC where required) | Legal obligation & legitimate use |
| Processing payments and remittances | Contractual necessity |
| Real-time delivery tracking and ETA updates | Contractual necessity & consent |
| Customer support and grievance resolution | Legitimate use & legal obligation |
| Fraud detection, risk assessment, platform security | Legitimate use |
| Compliance with legal obligations (GST, TDS, Court orders) | Legal obligation |
| Sending transactional notifications (SMS, Email, WhatsApp) | Consent & contractual necessity |
| Improving platform features and user experience | Legitimate use |
| Sending promotional offers (only with opt-in consent) | Explicit consent |
The Firm does not engage in automated profiling, algorithmic decision-making with legal effects, or targeted advertising using personal data. Data processed for internal analytics is anonymised or aggregated before use.
The Firm may analyse user behaviour on the Platform, including interaction patterns, booking frequency, navigation flows, and feature usage, to improve service efficiency, optimise delivery routes, enhance user experience, and develop new features. Such analysis is conducted using aggregated or pseudonymised data wherever feasible and does not involve automated decision-making that produces legal or similarly significant effects on users.
The Firm may monitor device information, transaction patterns, IP address activity, and platform usage behaviour to detect, prevent, and investigate fraud, abuse, or illegal activities. This may include automated flagging of suspicious activities; however, no final decision affecting users shall be made solely through automated processing without human review.
The Firm may use user data such as past bookings, location preferences, and usage patterns to personalise the Platform experience, including displaying relevant service options, improving delivery estimates, and enhancing user convenience. The Firm does not engage in intrusive profiling or targeted advertising involving third-party data sharing.
The Firm may use anonymised and aggregated data to develop new services, improve logistics efficiency, optimise pricing models, and enhance operational performance.
The Platform may use algorithmic tools to assist in route optimisation, delivery allocation, and estimated time predictions. These tools are assistive in nature and do not constitute fully automated decision-making systems.
The Firm does NOT sell, rent, or trade your personal data to any party for commercial purposes. Data is shared only as set out below:
All third-party service providers engaged by the Firm are bound by appropriate data processing agreements and are prohibited from using personal data for their own commercial purposes. However, the Firm is NOT liable for any breach by such third parties beyond what is recoverable under those agreements.
The Firm may collaborate with academic institutions, industry research partners, or innovation programmes for analytical purposes, provided that such data is anonymised and cannot identify individual users.
The Firm will disclose personal data to law enforcement agencies, courts, or regulatory authorities when required by law, court order, or to protect public safety. The Firm will cooperate fully with government authorities investigating cybercrime, fraud, illegal shipments, or tax evasion. Such disclosure shall not constitute a breach of this Policy.
In the event of a merger, acquisition, dissolution, or sale of the Firm's business or assets, personal data may be transferred to the successor entity under the same privacy obligations. Users will be notified of such transfer where reasonably practicable.
The Platform uses cookies, in-app storage mechanisms, and similar tracking technologies for the following purposes: keeping you logged in, remembering preferences, analysing app usage, and improving app performance.
You can manage or reset cookie and storage data by clearing the app's data through your device settings (Settings → Apps → Webmentics → Clear Data). Please note that clearing app data will log you out and reset all saved preferences. The Firm does NOT use third-party advertising cookies or sell usage data to advertisers.
The Firm retains personal data only for as long as necessary for the stated purposes or as required by law:
| Data Category | Retention Period |
|---|---|
| Customer transaction & booking records | 5 years (GST & taxation compliance) |
| Payment & financial records | 8 years (Income Tax Act requirement) |
| Customer support communications | 2 years |
| Electronic agreement acceptance logs | 3 years (IT Act evidentiary requirement) |
| GPS location data (active sessions) | Deleted within 90 days of session end |
| Promotional consent records | 3 years or until consent is withdrawn |
| Fraud & security incident records | 7 years (legal defence purposes) |
Retention periods are set to comply with minimum legal requirements. The Firm may retain data beyond these periods ONLY where required by a court order, ongoing legal proceeding, regulatory investigation, or statutory mandate.
The Firm implements reasonable security practices and procedures as required under Rule 8 of the IT (SPDI) Rules, 2011, and the DPDP Act, 2023:
Limitation: No system of data security is impenetrable. The Firm provides security measures as required by law but DOES NOT GUARANTEE absolute security against all unauthorised access or cyberattacks. The Firm shall not be liable for losses arising from security breaches that are outside its reasonable control.
Under the Digital Personal Data Protection Act, 2023, you have the following rights:
You may request a summary of the personal data held about you and the purposes for which it is processed. Requests must be submitted to webmentics@gmail.com with subject "Data Rights Request – [Your Name]".
You may request correction of inaccurate personal data, or deletion of data that is no longer necessary for the stated purpose, subject to the Firm's legal retention obligations.
Where processing is based on consent, you may withdraw it at any time by written notice. Withdrawal does not affect the lawfulness of prior processing. Upon withdrawal, the Firm may be unable to continue providing certain services.
Privacy complaints will be acknowledged within 48 hours and the Firm will endeavour to resolve them within 30 days. If unresolved, you may approach the Data Protection Board of India once constituted under the DPDP Act, 2023.
Under the DPDP Act, 2023, you may nominate another individual to exercise your data rights on your behalf in the event of your death or incapacity. Nomination requests must be submitted in writing.
Email webmentics@gmail.com with subject "Data Rights Request – [Your Name]". Include your registered mobile number or email for identity verification. The Firm will respond within 30 days of verifying your identity.
Minors: Consent for persons below 18 years of age must be provided by a verifiable parent or lawful guardian, as required under Section 9 of the DPDP Act, 2023. The Firm bears no liability for false declarations of age by users.
The Platform may contain links to third-party websites, payment gateways, or external platforms. This Privacy Policy does not apply to those platforms. The Firm is NOT responsible for, and expressly disclaims all liability in connection with, the privacy practices, data collection, or security of third-party platforms.
The Firm is committed to handling personal data responsibly and transparently, while balancing operational efficiency and user privacy.
TO THE FULLEST EXTENT PERMITTED BY THE DPDP ACT, 2023 AND OTHER APPLICABLE LAW, THE FIRM'S TOTAL LIABILITY FOR ANY DATA PRIVACY BREACH, COMPLAINT, OR CLAIM SHALL BE LIMITED TO THE PENALTIES MANDATED BY THE DATA PROTECTION BOARD OF INDIA UNDER THE DPDP ACT, 2023. THE FIRM SHALL HAVE NO LIABILITY BEYOND THIS STATUTORY FRAMEWORK.
The Firm shall specifically have no liability for:
NO INDIVIDUAL PARTNER OF WEBMENTICS SHALL HAVE PERSONAL LIABILITY TO ANY USER FOR ANY DATA BREACH, PRIVACY VIOLATION, OR CLAIM UNDER THIS POLICY. ALL SUCH LIABILITY, IF ANY, IS THAT OF THE FIRM AS A BUSINESS ENTITY ONLY, WITHIN THE STATUTORY LIMITS OF THE DPDP ACT, 2023.
In accordance with the IT Act, 2000, IT Intermediary Guidelines, 2021, and the DPDP Act, 2023, the Firm has designated a Grievance Officer:
| Grievance Officer Name | [Full Name] |
| Designation | [Partner / Compliance Manager] |
| [grievance@webmentics.com] | |
| Phone | [Phone Number] |
| Address | Chandan-Nagar, Jorhat, Assam – 785001 |
| Working Hours | Monday to Saturday, 10:00 AM to 6:00 PM IST |
| Response Time | Acknowledgement within 48 hours; Resolution within 30 days |
The Firm reserves the right to update this Privacy Policy at any time at its sole discretion. The revised Policy will be published with an updated Effective Date. For material changes affecting user rights, the Firm will endeavour to provide notice via email, SMS, or in-app notification. Continued use of the Platform after any update constitutes acceptance.
This Privacy Policy is governed exclusively by the laws of India, including the IT Act, 2000, the DPDP Act, 2023, and the IT (SPDI) Rules, 2011. Any disputes arising from this Policy shall be subject to the mandatory dispute resolution process set out in the Firm's Customer Service Agreement. Subject to arbitration, the courts at Guwahati and/or Jorhat, Assam, shall have exclusive jurisdiction.
| webmentics@gmail.com | |
| Phone / WhatsApp | [Phone Number] |
| Postal Address | Chandan Nagar, Jorhat, Assam – 785001 |
| Website | www.webmentics.com/privacy |
| In-App | Settings > Help & Support > Privacy Request |